How to Protect Your Business from Cyberattacks

Every business has insurance in case of fires, tornados, and other natural disasters. But what about data breaches?

Most insurance plans don’t cover the costs from data disasters. They don’t cover fines, the cost to hire technology firms to restore operations nor do they pay for credit monitoring for your affected customers. That all comes out of your pocket.

Unless of course you have cyberinsurance, a policy specifically designed to help your business offset the risk from data breaches. Typically these policies cover claims from both you and your customers. While not yet standardized, they most often cover expenses for investigation, business losses, privacy and notification and lawsuits and extortion.

What to look for in a Cyberinsurance provider?

Currently, cyberinsurance isn’t standardized, so policies will vary between carriers. Nonetheless, it is still critical to ensuring the stability of your business should an attack take place. For a cyberinsurance policy to be worth the investment, keep these in mind:

Carriers that offer more than one policy, especially more than one standalone policy instead of extensions, is more likely to provide all of the coverage you could need.

Just like any other insurance policy, make sure you compare deductibles.

Take note of how the coverage and limits apply to third parties, as well as yourself. A policy that covers third-party service providers is more beneficial to one that only covers data breaches at your company.

Similarly, policies should cover any attack to which you were a victim and not just those on your individual business.

Your policy should also cover non-malicious actions by an employee as a part of E&O coverage.

Phishing and advanced persistent threats (APTs) are other avenues in which outside individuals can gain access to your proprietary information. Look for policies that cover social engineering attacks as well as network attacks.

Not all attacks take place quickly, so check with providers to see if time frames for coverage are stipulated.

The choice of a cyberinsurance carrier is an important one, and, while this list can get you started in your search, it is by no means exhaustive. Take the time to research carriers fully and determine the best one for your needs.